Policy Formulation in a world of digital information
Some view involvement in information policy, particularly in the government or public sector, as a means of asserting control over information. Describe the subtle, but important differences between “control of information” and its “management” or “organization.”
Don't use plagiarized sources. Get Your Custom Essay on
Policy Formulation in a world of digital information
Just from $13/Page
The dichotomy that exists in the control of information on the one hand and the pervasive availability of it on the other is at the center of the debate between the “control of information” on the one hand and its “management” or “organization” on the other. Nowhere is this dichotomy more visible than in the area of compliance, specifically the tensions that are mounting between the government’s many initiatives at compliance being more focused on the control of information vs. being prescriptive about its management. Globally, compliance initiatives are being used by governments to gain greater control over information and nowhere are this more prevalent than in the dynamics occurring around the Sarbanes-Oxley Act (2002). Many research and advisory firms are tracking the issues, trends, and implications of Sarbanes-Oxley on publicly-held corporations in the U.S., and AMR Research (2005) has quantified spending on Sarbanes-Oxley for 2006 at $6B, comprised of Internal labor within companies as 39% of the total or $2.3B, followed by technology comprising 32% or $1.9B in technologies including software applications and systems, with external consulting being 29% or $1.8B in external consulting. Indian outsourcing companies are reporting consistently strong financial results as a result of Sarbanes-Oxley legislation, according to in-country reporting from The Economist (2006).
Fundamentals of Sarbanes-Oxley
When the legislators created the Sarbanes-Oxley Act they were deliberately non-prescriptive in their approach to defining the specifics of the Act itself, focusing instead on defining compliance for disclosing financial results and financial performance over time. Sarbanes-Oxley has been successful in enabling higher levels of accountability throughout publicly-held companies mainly as a result of re-defining core processes as they relate to financial reporting and disclosure of events, both positive and negative that impacts a company’s financial performance. The Economist (2006) also states that Indian outsourcers are the greatest beneficiaries from Sarbanes-Oxley spending as U.S.-based companies are often choosing to re-define business processes that are critical to their companies in addition to attaining Sarbanes-Oxley compliance through outsourcing. Another research and advisory firm, (Gartner 2005) defines the strategy of compliance around Sarbanes-Oxley as arduous, including first a company’s interpretation of what the business regulations to their specific circumstances, understanding where the organization currently stands relative to compliance efforts, documenting a plan for achieve compliance, executing it, and devising measures and controls.
Inherent in Sarbanes-Oxley compliance efforts is the synchronizing of the many databases and data marts that contain financial data. The growth of Enterprise Content Management (ECM) has been in direct response to the need for greater coordination of financial data and the re-defining of processes to make Sarbanes-Oxley compliance easier accomplished including successful completion of audits by Sarbanes-Oxley auditors.
Columbus and Murphy (2002) defined through their series of research initiatives on the adoption of enterprise content management (ECM) as a unifying strategy across all content stores had a 5% penetration rate into many organizations. The more balkanized and fragmented content sources are in an organization the greater the need for peer-to-peer storage architectures. Columbus and Murphy found that business strategies are driving the need for peer-to-peer integration points across homegrown, legacy, third party, best-of-breed, and ERP systems’ databases.
Analyzing How Sarbanes-Oxley Is Redefining Processes and IT Spending
By this point, all publicly held companies are well down the path to SOX compliance, as a direct result of the original Section 404 compliance deadlines being very tight. The SEC has since pushed out the deadlines for small company 404 compliance to July 15, 2006. Despite this legislation focusing on the disclosure of significant events by C-level executives, the majority of the work falls on database administrators and the IT staffs.
Four sections of Sarbanes-Oxley affect IT organizations:
Section 302: Corporate Responsibility for Financial Reports. Requires that firms audit, verify, and take corrective action to make sure that their financial data has a high level of accuracy and transactions are ACID-compliant.
Section 404: Management Assessment of Internal Controls. By far the most well-known of the sections in the SOX Act, section 404 calls for support for internal controls that are auditable by a third party. This section gets the most focus because it’s pushed most often by accounting firms that sell auditing services. What’s most interesting about Section 404 is the fact that liability for reporting accuracy also carries forward to outsourcers who are contracted to complete this work.
Section 409: Real-Time Issuer Disclosures. This section defines how quickly a company has to report a material event to the public on a rapid and current basis. Many analyst firms say that the rule is 72 hours or less, and define a material event as any task that has a lasting financial impact on a firm. There’s considerable debate about just what is and isn’t a material event today — and the fact that synchronization between databases is at the heart of reporting material events throughout a company.
Section 802: Criminal Penalties for Altering Documents. Focusing on the requirement of retaining records and defining policies for archiving data, this section has the hardest impact on IT, and what’s most interesting about this specific area of the Act is that it’s not prescriptive, just instructive. This is a major difference for any IT team working on SOX compliance — the Act itself doesn’t tell you how to do this, but what level needs to be done.
Sarbanes-Oxley Audits Are the Big News for 2006
Database administrators in companies who are working to achieve Sarbanes-Oxley compliance are responsible for making their systems, processes, and reports ready for auditors to approve. These SOX Audits are what the Securities and Exchange Commission looks at in addition to a company’s own auditors review to ensure all financial statements and the processes used to produce them are consistent and clear in their results. Often SOX Auditors are finding that the underlying processes, not the reports or financial analysis, are what need fine-tuning.
The lessons learned from going through a SOX audit, pointing out key reasons why companies fail their security and compliance audits, are described below:
There tends to be an inconsistency in approaches for all audits. Some auditors start and stay on documentation, while others drill into logging security and frequency. The bottom line is that documenting processes — just like ISO 9000 efforts from the past — are what make or break a good audit. Even when a company gets audited several times, there is no standardized checklist every auditor goes down to ensure compliance.
Auditors are expecting documentation of authentication levels, usernames, and passwords. One Database Administrator found that a schematic to show the interrelationships of applications was very helpful and further built out the authentication schemes used to validate in-firewall, VPN, and extranet logins.
A common point of failure: Inefficient or unused security management on financial systems of record, including lack of support for single sign-on. Further, companies in this category often had their financial systems hacked more than once in a security audit.
Measuring progress toward compliance with your own scorecard is critical. With the typical SOX project costing $4M, it’s in your company’s best interest to create database performance scorecards to measure compliance progress every quarter before starting en mass reengineering of processes.
Line
The need for archiving and creating auditable workflows has already been causing changes in the best run IT organizations. SOX compliance requirements are forcing system upgrades in many cases for greater overall system performance. What is most vexing about all this compliance legislation is its interpretative nature and the confusion over just what constitutes a compliant strategy. The bottom line is that compliance is a corporate-wide strategy.
References
AMR Research (2005)- SOX Spending for 2006 to Exceed $6B. John Hagerty and Fenella Sirkisoon. Tuesday November 29, 2005. Accessed from the Internet on July 1, 2006:
http://www.amrresearch.com/Content/View.asp?pmillid=18967
Columbus and Murphy (2002) – Re-orienting Your Content and Knowledge Management Strategies. AMR Research. Boston, MA. Report and research findings published October 2002. Retrieved April 26, 2005:
http://www.lwcresearch.com/filesfordownloads/ReorientingYourContentandKnowledgeMgmtStrategy.pdf
Economist (2006) – Virtual champions. Economist Magazine. June 1, 2006. Retrieved from the Internet on July 2, 2006: http://www.economist.com/surveys/PrinterFriendly.cfm?story_id=6969722
Gartner (2005)
Compliance Has Many Faces. Bace, Leskela, Rozwell. Industry Research Brief G00125885. Gartner Group. January 31, 2005.
Hagerty (2006) – Lowering SOX Costs through Scope Reduction. Alert by John Hagerty.
AMR Research. Boston, MA. Thursday May 18, 2006. Accessed from the Internet on July 2, 2006:
http://www.amrresearch.com/Content/View.asp?pmillid=19469
Sarbanes-Oxley Act (2002) – U.S. Senators Sarbanes and Oxley. Passed in 2002 by both U.S. House of Representatives and U.S. Senate. Text viewed on the Internet on April 24, 2006:
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Task 2
What were some projections (promises) of digital democracy that would be enabled by ubiquitous computing and networking? How many of these identified promises has been realized? What promise of digital age democracy has clearly failed? Were these disappointments due to over hyping of the technology or is it still too early in the new digital age to give a clear assessment?
Far from the utopian vision of a massive sharing of intellectual insights, intellectual findings from research, and a new medium that could bring greater transparency and accountability into nations and corporations, the Internet has quickly become balkanized. This balkanization is partially driven by the lack of integration between various segments of itself, and this is primarily a technological limitation. Yet the far broader and more difficult challenge in this regard is the segregating of knowledge not just for profit, but for lasting competitive advantage between nations. On the one hand there is the need for competitive differentiation in company’s offerings, yet in others including the sharing of primary research in medicine and biomedical fields and stem cell research there is the ethical responsibility to share these insights gained to foster solutions to the world’s most pressing medical problems. M. Van Alstyne and E. Brynjolfsson, researchers on the growth patterns and threat of Internet balkanization from MIT, remark in their conference paper from a 1996 conference that the balkanization of science is a significant threat. The two MIT researchers cite the studies they have completed showing how despite the lowering costs of technology, many scientific professionals choose to focus only on sharing their results locally, and resist publishing the data to other professionals in other companies and cultures due to fear of duplication and also fear their financial bonuses for discovery will be negated and taken away. Corporations funding scientific research need to be held to a specific level of accountability to share the results if they are going to benefit mankind and in turn strengthen the collective assumption base that could lead to medical cures. This balkanization of the Internet when it comes to scientific discoveries could be holding back cures for some of the worlds’ most troubling diseases and medical problems.
While the balkanization of the Internet is unnecessarily slowing down the adoption of scientific discoveries that could lead to the eradication of the world’s most dreaded diseases, there are also the societal implications of an increasingly segregated and balkanized Internet. These societal implications are shown in online ethnocentric behavior that actually robs many of the world’s developing nations with the potential of finding a voice in the world’s democratic voice. This societal balkanization of the Internet is exemplified for example in the access costs for the typical family in Zimbabwe to gain access to the Internet. It is on average $500 for six months of access, and that must be purchased through neighboring country South Africa. The fact that many Internet Access Providers will not route broadband service into entire nations in Africa shows the growing digital divide occurring globally. This is clearly robbing millions of individuals with a chance to have their voice heard, gain education through online universities, and in general become members of the global community. The economics of gaining access to the Internet continues to be a major contributing factor to its balkanization as well.
The balkanization of the Internet has already made the vision of intellectual sharing, democracy and communitarianism unattainable unfortunately. As can be seen from the lack of research sharing and focus on collectively finding cures to the world’s medical challenges, massive digital divide internationally, and the focus on many societal factors including segregation and ethnocentric practices of nations, the utopian vision of the Internet revolutionizing global society will not be achieved as quickly and transparently as had once been hoped.
Despite this lack of development, there is the fact that more people than ever are getting their educations online through distance learning. In defining distance learning its’ best to look at what industry experts have to share in terms of insight. Sloan Consortium (2005) in its landmark report, Growing By Degrees: Online Education in the United States, 2005 explored the definition of distance learning from the standpoint of participation. Of their many key findings, a critical one is that distance learning today is reaching parity in terms of participation with in-person programs, which is turn making this alternative to gaining an education more accessible to other nations that may have fallen between countries caught in the balkanization of the Internet.
Quantification of trust
While the balkanization of the Internet at times showing signs of being unified through the many efforts of both organizations and nations looking to provide access and educational opportunities to everyone, the rise in scepticism of peoples’ motives on the Internet continues to bring greater and greater levels of authentication or validation of proving someone is who they say they are. This validation or quantification of trust has actually hastened the balkanization of the Internet as well. The rise in the corporate use of the Internet as a selling medium has more than any other factor driven up the need to validate someone within any given online community. There has been a parallel in the combating of terrorism as well and the two combined market dynamics of validating a person’s identity both for selling to them and ensuring they are not a national threat has created a more balkanized and virtually re-defined the role of this medium as more of a transaction hub for global businesses and less of an instrument for social change. The evolving role of the Internet in China and the recent crackdown on Google’s and Yahoo’s records by the Chinese government show that even the world’s most powerful corporations from a market capitalization perspective are still held hostage to governments’ aims and intents with the Internet, and in the case of China their focus on restricting the freedoms inherent in this powerful medium, chilling to realize. China clearly is showing what the balkanization of the Internet looks like on a daily basis.
Orwellian Monitoring Strategies in the 21st Century
George Orwell, author of Nineteen Eighty-Four (1949) a political novel set in that year defines a totalitarian state that is dominated by excessive monitoring and control of its citizens, has been often referred to in the last three years of Internet monitoring, both by employers, governments, and by marketers who unethically look at search histories and cookies or small files that define where a person using the Internet has accessed files and used information. Taken together, these invasions of privacy are in many cases violating the civil rights of online citizens worldwide in the name of defense. Yet the workplace and government monitoring is troublesome in that revelations of how the data is being used and mined come out periodically through either press leaks from inside governments or the data is inadvertently lost or worse, stolen. This monitoring issue speaks to the fundamental role of government and corporations who capture this data; they must become the trusted advisors, the servants if you will, to the people they sell and serve. To violate this trust repeatedly is to test the ethics of any nation. To play with peoples’ trust is to play with the future of any administration or corporation; the future of any institution is marked by the trust it earns and keeps with those it serves.
Government and Workplace Monitoring
Many researchers are tackling the issues of workplace and government monitoring head-on, and finding some fascinating results. Foremost of these researchers is the Pew Internet & American Life Project, headquartered in Washington, D.C. Their insights into Internet social trends specifically around privacy and its recent invasions by government, completed the report, The Future of the Internet (2005) which polled the world’s experts, totalling 1,286 individuals who are considered experts in this field globally on Internet privacy trends, and their results are startling. Their findings include the following key points:
59% of the Internet privacy experts predict that more government and corporate surveillance in homes, automobiles, mass transit, and in offices as hand-held electronic devices proliferate.
The majority feel that the ability of governments to parse through Internet traffic including e-mails, chat rooms, and websites to find terrorists will be accentuated through the use of sophisticated technologies. The tagging of paedophiles is also seen as a major benefit of this increased surveillance.
The strengths of these surveillance strategies on the part of governments and corporations will correspondingly have a negative effect on society as anyone “different” enough to be found through these search and eavesdropping technologies could potentially be tagged as a threat. The result could be imprisoning innocent citizens who have not violated any crime and are not terrorists.
The fact that surveillance of terrorists is a critical government function to alleviate the loss of innocent life, there are many civil rights associated with these activities, and the need for retaining the rights of individuals is critical. Protecting citizens and preserving their privacy is a delicate balancing act from the U.S. And Great Britain especially today.
Corporations’ monitoring their employees are sending the signal that the personal use of telephones, cell phones, PDAs, and e-mails is fair game to be monitored and reviewed. The fact that Google has even dismissed employees for blogging is a case in point; even the most progressive of corporations are faced with the task of monitoring and evaluating their employees’ use of electronic tools. Industry experts say that if employees sense they are being monitored, they typically are. According to many industry surveys, 30% of corporations today monitor their employee’s e-mail and telephone conversations. While not specifically telling employees this, corporations claim their employment agreements cover this practice. It does raise ethical questions for employers in nations where workers’ rights include privacy.
SPAM Creators Monitoring Your Every Online Move
SPAM continues to be a major disruption to productivity worldwide. This is an area where the R & D. spending of security companies continues to pay dividends, including the ability to “learn” which e-mails are valid and which are SPAM. The R & D. In this area also focuses on how to create filters than can be deployed through the use of a hosted or On Demand model as well. SPAM filters that learn are quickly making the more labor-intensive and programming-like environments more difficult to cost justify in terms of the time required to manage these previous-generation filters. The fight against SPAM however continues unabated and the use of proxy server architectures for example, where questionable e-mails rejected from filters are stored and continually parsed by more rules and constraints. The application of decision engines that can interpolate which messages are not SPAM, based on a data element as simple as a recognized e-mail address to an authentication score for the originating IP address of the message are all technologies showing promise.
A fact is also emerging that the majority of successful hackings or security breaches are from inside. The costs of these are significant and can also permanently harm key parts of the company’s business. To counter internal hacking, the need to periodically re-authenticate each login and password, re-define Virtual Private Network (VPN) strategies for remote workers and consultants, and monitor the use of confidential data are important first steps in ensuring overall system security.
Summary
The monitoring of individuals by governments and organizations they work for could potentially lead to legislation that protects the privacy of individuals, requiring their permission to have private data. The recent gaffe in the United States of all the telephone companies providing phone records could lead to a law requiring the government ask permission for this data, on such a wide scale. National security is a critical concern, yet so is a person’s right to privacy. The SPAM that is so pervasive has already been outlawed, and while it is up to specific countries for their interpretation of legal precedents in the U.S. And the United Kingdom, the focus on prosecuting companies that SPAM needs to be amplified throughout the world. Online criminals asking for login and password information have tied SPAM to identity theft and the pervasiveness of phishing, a strategy of deception that starts with e-mails. This has become an epidemic online partially driven by the SPAM practices of companies that online criminals learned from.
References
Nineteen Eighty-Four- George Orwell. Everyman’s Library. ISBN 0679417397 (First Edition Published 1949)
M. Van Alstyne and E. Brynjolfsson – Proceedings of the International Conference on Information Systems, Cleveland, OH (1996). More detailed modelling information is also available on the Web at http://web.mit.edu/marshall/www/InfoAccess.html
Link to the specific article:
http://www.casos.cs.cmu.edu/education/phd/classpapers/VanAlstyne_Could_1996.pdf
The Future of the Internet (2005) – Pew Internet & American Life Project. January 9, 2005. Susannah Fox, Associate Directory. Janna Anderson, Elon University.
Task 3
In what ways can culture shape information policy and the policy process? Be sure to cite examples to illustrate your points.
The rise in the cyberculture’s rebellious reaction to globalization of the Internet is exemplified in the thousands of chat rooms and websites dedicated to hacking techniques and tools, and the hacking of sites that are focused on taking Internet freedoms away. The most courageous of these hackers are those political voices coming out of China, focused on bringing freedom to that nation. These hackers in China are given multi-year prison sentences as an oppressive Chinese government intent on keeping its citizens under political control silences their voices for global change. One could go as far to say that the Chinese hackers and bloggers are testing the limits of the Internet’s use as a vehicle of governmental and societal change. More powerful than the lone figure standing in front of the four tanks in Tiananmen Square (1989) the Internet frightens the Chinese government and the continued voice of dissidents is truly going to test this medium of communication on a global scale.
Just as the lone figure stood in Tiananmen Square, many hackers see themselves as committing acts of defiance, and according to many researched accounts of cyber-hacking, corporations find their biggest threats internally. The fact that employees are behind many of these attacks says much about the internal cultures of companies that don’t listen to their employees and would rather focus on having one set of outside truths for the outside world and quite another internally.
Out of this frustration with two stories being told, many employees strike out and hack internal systems. Like the dissidents in China, these internal hackers see themselves as “freedom fighters” that bring the truth to the outside world. One could argue with their approaches, yet the need they have for bringing what they passionately see as the truth pervades the risks.
References
Tiananmen Square (1989) – Accounts of the Student Protests and picture of lone protester stopping tanks: http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989
Task 4
Is the Digital Divide a legitimate concern in the U.S. Or merely an outgrowth of partisan politics? Is the divide widening? What role should the U.S. government play in bridging the so-called “digital divide”? How serious is the “digital divide,” internationally? Give examples.
There is a significant digital divide in the United States, one of the wealthiest nations in the world, and throughout both westernized and third world nations too. The digital divide is a term that refers to wide disparities in the availability of information and technologies that are instrumental in learning and earning more over a lifetime. The Internet has become an indispensable tool for gaining greater knowledge and skills through distance learning. Due to the digital divide, the potential to advancement out of poverty for those in low-income regions of the U.S. And the world greatly diminishes their ability to break the cycle of poverty in their families. The digital divide is defined as the disparity in learning and earning potential based on income, race, geography, ethnicity and many other social factors.
There still exists a wide digital divide in the U.S., and the best indicator of it is to look at the correlation of Internet access in libraries in those counties whose per capita income is significantly below the nations’ poverty line. The 2006 Housing and Human Services Guidelines were released last month (HHS 2006) showing the per capita incomes of those at or below the poverty line by number of household members. Table 1 reports these figures. Using Geographical Information Systems’ (GIS) mapping software from software company ESRI (2006) (www.esri.com) and cross-referencing U.S. Census Data, the U.S. Government, the Gates Technology Foundation (2005)
http://www.gatesfoundation.org/default.htm. are continually looking for “poverty pockets” where incomes are below the poverty line, and therefore unemployment is high and Internet access is non-existent. The cycle of poverty is hard to break under those circumstances, yet the goal of these two organizations working together is to first identify these “poverty pockets” as their analysis teams call them, and next actually visit the county under study and get Internet access provided to local libraries. One project member said that it took over $800 in credit card charges on a foundations’ American Express card to get Qwest to run just a telephone line across a county so dial-up access could be provided to a remote New Mexico library on an Indian reservation. In other instances, these teams made up of GIS analysts, networking and telephone technicians find Internet access close and have it routed, and the foundation pays all charges. In one of the most extreme examples of ingenuity, one team working in southwest Mississippi within one of the nations’ poorest poverty belts, got approval to use a satellite link and installed a dish on top of the library. Costs and the lack of cooperation from Internet providers made this the only alternative.
These are just a few of the challenges inherent in crossing the digital divide. Other nations, including many in Africa, throughout Asia, and remote areas of China and many other third-world nations lack Internet access. Considering the fact that the World Bank reported in 2005 that only 14% of the worlds’ population has a per capita income over $10,000, it’s painfully clear that Internet access for the 86% of the world below that level could greatly be enhanced in terms of learning and earning over their lives (World Bank, 2005).
Overcoming the digital divide is a very challenging problem, as so much cooperation is needed from so many different organizations. The Gates Foundation has made significant progress, yet the lack of cooperation from Internet access companies and the focus on increasing network performance for the “haves” in the large cities is increasingly leaving the “have nots” with insufficient access to break the cycle of poverty. Clearly the government should provide the data and consider hiring a professional services organization such as Accenture, IBM Global Services, Infosys, HCL, or comparable professional services firms to go out and attain a specific level of Internet access in those most severely affected poverty pockets in the U.S. The solution needs to involve government Census data, analysis from Gates Foundation GIS analysts, and a professional services organization to implement the actual connections to libraries in the most poverty-stricken areas.
In terms of what IT professionals and IT companies can do to bridge the digital divide, volunteering is a great idea. Having networking professionals volunteer three weeks out of their year, with pay from their companies, to go and join teams in the field, would be a great start. Also having technology firms donate products and software applications, as Cisco has done with Gates Technology Foundation is a great step in the right direction. Ultimately, however the Internet service providers including all the cable companies in addition to AOL and Yahoo should be given a tax break to incent them to cooperate with these efforts. Qwests’ hard-line stance in New Mexico is what keeps the digital divide wide. There should be tax incentives and directives from the office of the CEOs in these telecommunications companies to do whatever it takes to thin the digital divide in the U.S. especially.
The bottom line is that 40% of Americans still do not have use of the Internet due to lack of skills and barriers to accessing it. The majority of these people are below the poverty line and often make less than $15,000 a year, according the Pew Center for Internet Research (2006). To break the cycle of poverty for these Americans, and the people worldwide looking to better themselves with the Internet, barriers to organizations working together must be broken through tax incentives and leadership at the highest levels of government and industry.
Table 1: 2006 HHS Poverty Guidelines
Persons in Family or Household
48 Contiguous
States and D.C.
Alaska
Hawaii
For each additional person, add
SOURCE: Federal Register, Vol. 71, No. 15, January 24, 2006, pp. 3848-3849
References
ESRI (2006). Environmental Systems Research Institute. Retrieved from the Internet on July 14, 2006. (www.esri.com)
Gates Technology Foundation (2005). Interviews and on-site visits with GIS planners and network technicians while donating servers, laptops, and desktop computers for a major PC manufacturer. Onsite interviews in Seattle, Washington. April, 2005.
HHS (2006). Federal Register Data on Poverty Line Statistics by size of household. January 24, 2006. See table 1 of this document.
Pew Center for Internet Research (2006). Key statistics downloaded from the Internet on February 14, 2006. http://people-press.org/
World Bank (2005). Global statistics on poverty. Retrieved from the Internet July 25, 2006 http://www.worldbank.org
